As computing systems have advanced and become cheaper, enterprises have an increasingly large number of computers. At the same time, software applications and operating systems have become increasingly complex and the number of security vulnerabilities has increased. Security threats of a variety of threat levels are discovered frequently and new security threats may be discovered everyday. Accordingly, analysis of security vulnerabilities has become increasingly important as security vulnerabilities may expose an enterprise to significant harm, including theft of valuable and sensitive information, damage to valuable work products (e.g., deletion or corruption of files, data, or software programs, etc.), and system damage causing loss of productivity, revenue, etc.
Conventional risk management techniques do not utilize endpoint client configuration data for detailed security analysis. For example, client configuration data is typically compared against checklists of best practices and allowed/disallowed configuration elements, such as allowed software programs. Such high-level approaches to client configuration security do not provide detailed quantification of risks associated with client configurations. Further, prioritization of security risks is not presented and thereby does not enable reduction of the risks associated with client vulnerabilities.